T2W – Trojan 2 Worm (Constructor/Wormer) – Script Kiddie Paradise!

Many of us have seen the movie where the brilliant young computer hacker saves the world; or the one in which the geeky technical genius assists the police in breaking the case wide open, fingers flying over the keyboard, working his magic on the criminal’s computer system.

So what about it; do these types of computer wizards really exist? Well, to some extent there’s some truth in this; but not much.

Taken together, Hollywood’s portrayal of the genius hacker, and the virtual epidemic of malware currently circulating on the Internet, it’s easy to understand why most typical computer users’ have come to believe that hackers are a special breed of evil genius possessing a wealth of computer related skills unknown to the rest of us.

It’s just as likely however, that the malware attempting to infect your system (there are 3,000 new strains every day), was built by one of the so called “Script Kiddies”, who roam the Internet, as opposed to a truly knowledgeable criminal computer wizard.

To paraphrase Wikipedia: a script kiddie is an inexperienced malicious hacker who lacks the ability to write sophisticated hacking programs and who uses programs developed by others to attack computer systems, and deface websites.

With the dramatic increase in user participation on MySpace, FaceBook, and other social networking sites, the attack surface for malware development tools used by these hacker wannabes has increased proportionately.

Now a new Script Kiddie tool has been discovered by Panda Software which reports this morning on the T2W (Trojan2 Worm) application, also known as Constructor/Wormer. According to Panda, the main function of this malware creator is to convert an executable file (virtually any executable file), into a worm, giving it the capacity to spread itself.

According to Panda, this application, which is driven by a point and click interface, makes it dead easy to construct a worm that allows the selection of a specific infection date, disables particular options of the operating system, including the Task Manager, Windows Registry Editor, and Folder Options. The malware can be crafted to function with popular Internet Browsers including Internet Explorer, FireFox, and Opera.

Given that Script Kiddies generally have limited hacking skills, the question is – who would build and distribute this type of destructive application? The consensus in the Internet security community is: the real cyber criminals.

In Panda’s view, the strategic objective of the real cyber criminals is to create a situation in which the distraction created by Script Kiddies flooding the Internet with malware created by T2W, will increase the opportunity for the more insidious banker Trojans (created by them), to commit mass identity theft.

What you can do to reduce the chances of your system becoming infected.

Do not click on unsolicited invitations to download software of any kind.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.

For information on free security software and download links to that software read: Need Free Security Programs? -10 of the Best, on this Blog.